Ransomware criminal group leaks MSI’s private code on darkweb

The ransomware gang responsible for targeting Taiwanese PC manufacturer MSI has leaked the private code signing keys of the company available on their darkweb leak site. The attack, orchestrated by the group known as Money Message, was announced in early April: The group revealed that they had successfully breached the systems of MSI, a multinational IT corporation renowned for its production and distribution of motherboards and graphics cards worldwide, including in the USA and Canada. MSI is headquartered in Taipei, Taiwan.

It is reported that initially, the criminal group demanded a ransom from MSI, threatening to publish the stolen files if their demands were not met by a specified deadline. However, the group has eventually exposed MSI’s private code signing keys on their darkweb leak site. These keys are of significant importance as they are used to authenticate the legitimacy and integrity of software and firmware updates released by the company. Malicious actors could potentially misuse these keys to distribute malware or carry out other malicious activities, putting MSI’s customers at risk. The company now faces the daunting task of mitigating the potential fallout from this exposure and bolstering their cybersecurity measures to prevent further unauthorized access.